]> git.vanrenterghem.biz Git - www.vanrenterghem.biz.git/blob - phpBB2/includes/functions_validate.php
Baseline
[www.vanrenterghem.biz.git] / phpBB2 / includes / functions_validate.php
1 <?php
2 /***************************************************************************
3  *                          functions_validate.php
4  *                            -------------------
5  *   begin                : Saturday, Feb 13, 2001
6  *   copyright            : (C) 2001 The phpBB Group
7  *   email                : support@phpbb.com
8  *
9  *   $Id: functions_validate.php,v 1.6.2.15 2005/10/30 15:17:14 acydburn Exp $
10  *
11  *
12  ***************************************************************************/
14 /***************************************************************************
15  *
16  *   This program is free software; you can redistribute it and/or modify
17  *   it under the terms of the GNU General Public License as published by
18  *   the Free Software Foundation; either version 2 of the License, or
19  *   (at your option) any later version.
20  *
21  ***************************************************************************/
23 //
24 // Check to see if the username has been taken, or if it is disallowed.
25 // Also checks if it includes the " character, which we don't allow in usernames.
26 // Used for registering, changing names, and posting anonymously with a username
27 //
28 function validate_username($username)
29 {
30         global $db, $lang, $userdata;
32         // Remove doubled up spaces
33         $username = preg_replace('#\s+#', ' ', trim($username)); 
34         $username = phpbb_clean_username($username);
36         $sql = "SELECT username 
37                 FROM " . USERS_TABLE . "
38                 WHERE LOWER(username) = '" . strtolower($username) . "'";
39         if ($result = $db->sql_query($sql))
40         {
41                 while ($row = $db->sql_fetchrow($result))
42                 {
43                         if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
44                         {
45                                 $db->sql_freeresult($result);
46                                 return array('error' => true, 'error_msg' => $lang['Username_taken']);
47                         }
48                 }
49         }
50         $db->sql_freeresult($result);
52         $sql = "SELECT group_name
53                 FROM " . GROUPS_TABLE . " 
54                 WHERE LOWER(group_name) = '" . strtolower($username) . "'";
55         if ($result = $db->sql_query($sql))
56         {
57                 if ($row = $db->sql_fetchrow($result))
58                 {
59                         $db->sql_freeresult($result);
60                         return array('error' => true, 'error_msg' => $lang['Username_taken']);
61                 }
62         }
63         $db->sql_freeresult($result);
65         $sql = "SELECT disallow_username
66                 FROM " . DISALLOW_TABLE;
67         if ($result = $db->sql_query($sql))
68         {
69                 if ($row = $db->sql_fetchrow($result))
70                 {
71                         do
72                         {
73                                 if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
74                                 {
75                                         $db->sql_freeresult($result);
76                                         return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
77                                 }
78                         }
79                         while($row = $db->sql_fetchrow($result));
80                 }
81         }
82         $db->sql_freeresult($result);
84         $sql = "SELECT word 
85                 FROM  " . WORDS_TABLE;
86         if ($result = $db->sql_query($sql))
87         {
88                 if ($row = $db->sql_fetchrow($result))
89                 {
90                         do
91                         {
92                                 if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['word'], '#')) . ")\b#i", $username))
93                                 {
94                                         $db->sql_freeresult($result);
95                                         return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
96                                 }
97                         }
98                         while ($row = $db->sql_fetchrow($result));
99                 }
100         }
101         $db->sql_freeresult($result);
103         // Don't allow " and ALT-255 in username.
104         if (strstr($username, '"') || strstr($username, '&quot;') || strstr($username, chr(160)))
105         {
106                 return array('error' => true, 'error_msg' => $lang['Username_invalid']);
107         }
109         return array('error' => false, 'error_msg' => '');
112 //
113 // Check to see if email address is banned
114 // or already present in the DB
115 //
116 function validate_email($email)
118         global $db, $lang;
120         if ($email != '')
121         {
122                 if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email))
123                 {
124                         $sql = "SELECT ban_email
125                                 FROM " . BANLIST_TABLE;
126                         if ($result = $db->sql_query($sql))
127                         {
128                                 if ($row = $db->sql_fetchrow($result))
129                                 {
130                                         do
131                                         {
132                                                 $match_email = str_replace('*', '.*?', $row['ban_email']);
133                                                 if (preg_match('/^' . $match_email . '$/is', $email))
134                                                 {
135                                                         $db->sql_freeresult($result);
136                                                         return array('error' => true, 'error_msg' => $lang['Email_banned']);
137                                                 }
138                                         }
139                                         while($row = $db->sql_fetchrow($result));
140                                 }
141                         }
142                         $db->sql_freeresult($result);
144                         $sql = "SELECT user_email
145                                 FROM " . USERS_TABLE . "
146                                 WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
147                         if (!($result = $db->sql_query($sql)))
148                         {
149                                 message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
150                         }
151                 
152                         if ($row = $db->sql_fetchrow($result))
153                         {
154                                 return array('error' => true, 'error_msg' => $lang['Email_taken']);
155                         }
156                         $db->sql_freeresult($result);
158                         return array('error' => false, 'error_msg' => '');
159                 }
160         }
162         return array('error' => true, 'error_msg' => $lang['Email_invalid']);
165 //
166 // Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags()
167 // to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail.
168 //
169 function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig)
171         $check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');
173         for($i = 0; $i < count($check_var_length); $i++)
174         {
175                 if (strlen($$check_var_length[$i]) < 2)
176                 {
177                         $$check_var_length[$i] = '';
178                 }
179         }
181         // ICQ number has to be only numbers.
182         if (!preg_match('/^[0-9]+$/', $icq))
183         {
184                 $icq = '';
185         }
186         
187         // website has to start with http://, followed by something with length at least 3 that
188         // contains at least one dot.
189         if ($website != "")
190         {
191                 if (!preg_match('#^http[s]?:\/\/#i', $website))
192                 {
193                         $website = 'http://' . $website;
194                 }
196                 if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
197                 {
198                         $website = '';
199                 }
200         }
202         return;
205 ?>